
CVE-2025-21870 – ASoC: SOF: ipc4-topology: Harden loops for looking up ALH copiers
https://notcve.org/view.php?id=CVE-2025-21870
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: ipc4-topology: Harden loops for looking up ALH copiers Other, non DAI copier widgets could have the same stream name (sname) as the ALH copier and in that case the copier->data is NULL, no alh_data is attached, which could lead to NULL pointer dereference. We could check for this NULL pointer in sof_ipc4_prepare_copier_module() and avoid the crash, but a similar loop in sof_ipc4_widget_setup_comp_dai() will miscalculate the ALH d... • https://git.kernel.org/stable/c/a150345aa758492e05d2934f318ce7c2566b1cfe •

CVE-2025-21869 – powerpc/code-patching: Disable KASAN report during patching via temporary mm
https://notcve.org/view.php?id=CVE-2025-21869
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: powerpc/code-patching: Disable KASAN report during patching via temporary mm Erhard reports the following KASAN hit on Talos II (power9) with kernel 6.13: [ 12.028126] ================================================================== [ 12.028198] BUG: KASAN: user-memory-access in copy_to_kernel_nofault+0x8c/0x1a0 [ 12.028260] Write of size 8 at addr 0000187e458f2000 by task systemd/1 [ 12.028346] CPU: 87 UID: 0 PID: 1 Comm: systemd Tainted... • https://git.kernel.org/stable/c/465cabc97b42405eb89380ea6ba8d8b03e4ae1a2 •

CVE-2025-21868 – net: allow small head cache usage with large MAX_SKB_FRAGS values
https://notcve.org/view.php?id=CVE-2025-21868
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: net: allow small head cache usage with large MAX_SKB_FRAGS values Sabrina reported the following splat: WARNING: CPU: 0 PID: 1 at net/core/dev.c:6935 netif_napi_add_weight_locked+0x8f2/0xba0 Modules linked in: CPU: 0 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.14.0-rc1-net-00092-g011b03359038 #996 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Arch Linux 1.16.3-1-1 04/01/2014 RIP: 0010:netif_napi_add_weight_locked+0x8f2/0xba0 C... • https://git.kernel.org/stable/c/3948b05950fdd64002a5f182c65ba5cf2d53cf71 •

CVE-2025-21867 – bpf, test_run: Fix use-after-free issue in eth_skb_pkt_type()
https://notcve.org/view.php?id=CVE-2025-21867
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf, test_run: Fix use-after-free issue in eth_skb_pkt_type() KMSAN reported a use-after-free issue in eth_skb_pkt_type()[1]. The cause of the issue was that eth_skb_pkt_type() accessed skb's data that didn't contain an Ethernet header. This occurs when bpf_prog_test_run_xdp() passes an invalid value as the user_data argument to bpf_test_init(). Fix this by returning an error when user_data is less than ETH_HLEN in bpf_test_init(). Addition... • https://git.kernel.org/stable/c/be3d72a2896cb24090f268dce4aa8a304d40bc23 • CWE-416: Use After Free •

CVE-2023-52927 – netfilter: allow exp not to be removed in nf_ct_find_expectation
https://notcve.org/view.php?id=CVE-2023-52927
14 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: netfilter: allow exp not to be removed in nf_ct_find_expectation Currently nf_conntrack_in() calling nf_ct_find_expectation() will remove the exp from the hash table. However, in some scenarios, we expect the exp not to be removed when the created ct will not be confirmed, like in OVS and TC conntrack in the following patches. This patch allows exp not to be removed by setting IPS_CONFIRMED in the status of the tmpl. • https://git.kernel.org/stable/c/3fa58a6fbd1e9e5682d09cdafb08fba004cb12ec •

CVE-2025-21866 – powerpc/code-patching: Fix KASAN hit by not flagging text patching area as VM_ALLOC
https://notcve.org/view.php?id=CVE-2025-21866
12 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: powerpc/code-patching: Fix KASAN hit by not flagging text patching area as VM_ALLOC Erhard reported the following KASAN hit while booting his PowerMac G4 with a KASAN-enabled kernel 6.13-rc6: BUG: KASAN: vmalloc-out-of-bounds in copy_to_kernel_nofault+0xd8/0x1c8 Write of size 8 at addr f1000000 by task chronyd/1293 CPU: 0 UID: 123 PID: 1293 Comm: chronyd Tainted: G W 6.13.0-rc6-PMacG4 #2 Tainted: [W]=WARN Hardware name: PowerMac3,6 7455 0x8... • https://git.kernel.org/stable/c/37bc3e5fd764fb258ff4fcbb90b6d1b67fb466c1 •

CVE-2025-21865 – gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl().
https://notcve.org/view.php?id=CVE-2025-21865
12 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl(). Brad Spengler reported the list_del() corruption splat in gtp_net_exit_batch_rtnl(). [0] Commit eb28fd76c0a0 ("gtp: Destroy device along with udp socket's netns dismantle.") added the for_each_netdev() loop in gtp_net_exit_batch_rtnl() to destroy devices in each netns as done in geneve and ip tunnels. However, this could trigger ->dellink() twice for the same device during ->... • https://git.kernel.org/stable/c/c986380c1d5274c4d5e935addc807d6791cc23eb •

CVE-2025-21864 – tcp: drop secpath at the same time as we currently drop dst
https://notcve.org/view.php?id=CVE-2025-21864
12 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: tcp: drop secpath at the same time as we currently drop dst Xiumei reported hitting the WARN in xfrm6_tunnel_net_exit while running tests that boil down to: - create a pair of netns - run a basic TCP test over ipcomp6 - delete the pair of netns The xfrm_state found on spi_byaddr was not deleted at the time we delete the netns, because we still have a reference on it. This lingering reference comes from a secpath (which holds a ref on the xf... • https://git.kernel.org/stable/c/68822bdf76f10c3dc80609d4e2cdc1e847429086 •

CVE-2025-21863 – io_uring: prevent opcode speculation
https://notcve.org/view.php?id=CVE-2025-21863
12 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: io_uring: prevent opcode speculation sqe->opcode is used for different tables, make sure we sanitise it against speculations. • https://git.kernel.org/stable/c/d3656344fea0339fb0365c8df4d2beba4e0089cd •

CVE-2025-21862 – drop_monitor: fix incorrect initialization order
https://notcve.org/view.php?id=CVE-2025-21862
12 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: drop_monitor: fix incorrect initialization order Syzkaller reports the following bug: BUG: spinlock bad magic on CPU#1, syz-executor.0/7995 lock: 0xffff88805303f3e0, .magic: 00000000, .owner: